diff options
| author | Wayne Starr <Racer159@users.noreply.github.com> | 2022-11-09 09:02:21 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-09 23:02:21 +0800 |
| commit | 3c07ed091174f4258ae930b5516b2cf773ac313d (patch) | |
| tree | 859b6ec36972cd3cc5c16ca2d6b72b31b6ec87a0 /routers/api/packages/pypi/pypi.go | |
| parent | 995ae06a6e02b7fb1938bb7ac2a1d5fe10be55b1 (diff) | |
| download | gitea-3c07ed091174f4258ae930b5516b2cf773ac313d.tar.gz gitea-3c07ed091174f4258ae930b5516b2cf773ac313d.zip | |
Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21729)
Backport (#21708)
This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Diffstat (limited to 'routers/api/packages/pypi/pypi.go')
| -rw-r--r-- | routers/api/packages/pypi/pypi.go | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/routers/api/packages/pypi/pypi.go b/routers/api/packages/pypi/pypi.go index 558ddd06f0..9fdba1172c 100644 --- a/routers/api/packages/pypi/pypi.go +++ b/routers/api/packages/pypi/pypi.go @@ -22,9 +22,9 @@ import ( packages_service "code.gitea.io/gitea/services/packages" ) -// https://www.python.org/dev/peps/pep-0503/#normalized-names +// https://peps.python.org/pep-0426/#name var normalizer = strings.NewReplacer(".", "-", "_", "-") -var nameMatcher = regexp.MustCompile(`\A[a-zA-Z0-9\.\-_]+\z`) +var nameMatcher = regexp.MustCompile(`\A(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\.\-_]*[a-zA-Z0-9])\z`) // https://peps.python.org/pep-0440/#appendix-b-parsing-version-strings-with-regular-expressions var versionMatcher = regexp.MustCompile(`\Av?` + @@ -130,7 +130,7 @@ func UploadPackageFile(ctx *context.Context) { packageName := normalizer.Replace(ctx.Req.FormValue("name")) packageVersion := ctx.Req.FormValue("version") - if !nameMatcher.MatchString(packageName) || !versionMatcher.MatchString(packageVersion) { + if !isValidNameAndVersion(packageName, packageVersion) { apiError(ctx, http.StatusBadRequest, "invalid name or version") return } @@ -148,7 +148,7 @@ func UploadPackageFile(ctx *context.Context) { Name: packageName, Version: packageVersion, }, - SemverCompatible: true, + SemverCompatible: false, Creator: ctx.Doer, Metadata: &pypi_module.Metadata{ Author: ctx.Req.FormValue("author"), @@ -179,3 +179,7 @@ func UploadPackageFile(ctx *context.Context) { ctx.Status(http.StatusCreated) } + +func isValidNameAndVersion(packageName, packageVersion string) bool { + return nameMatcher.MatchString(packageName) && versionMatcher.MatchString(packageVersion) +} |